Lucene search
K

6088 matches found

Nuclei
Nuclei
added 4 hours ago100 views

JumpServer > 3.6.4 - Information Disclosure

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

8.2CVSS6.8AI score0.55861EPSS
Exploits5References5
NVD
NVD
added yesterday6 views

CVE-2026-50644

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42576

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS6.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-50644

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-50644

CVE-2026-50644 affects SOPlanning. The vulnerability is an SQL injection in the audit retention configuration, exploitable by an attacker with high privileges (parameters_all rights) who can inject SQL through the audit configuration form; execution occurs when the audit functionality is accessed...

8.6CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday14 views

CVE-2026-50644 SQL Injection in SOPlanning Audit Retention Configuration

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-31984

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS0.00274EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42534

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS6AI score0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-31984

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS6AI score0.00274EPSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-31984

CVE-2026-31984 affects Guardian/CMC prior to version 26.2.0, where unbounded resource allocation in the audit logging path allows an unauthenticated attacker to submit oversized input, potentially exhausting disk space and causing DoS. Root cause: missing input size limit in audit entries. Impact...

8.7CVSS6AI score0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-31984 DoS through oversized audit log entries in Guardian/CMC before 26.2.0

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS0.00274EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday100 views

Jenkin Audit Trail <=3.2 - Cross-Site Scripting

Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2140 info: name: Jenkin Audit Trail =3.3 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.3AI score0.75975EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-8800

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

8.8CVSS0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-8800 Cross-Org External Token Metadata accessible to AuditUser role

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42384

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS5.9AI score0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-8800

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS5.9AI score0.00183EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago12 views

CVE-2026-8800

CVE-2026-8800 concerns an Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). Affected software is MOVEit Transfer; impact involves unauthorized access across confidentiality, integrity, and availability (CVSS v3.1 base score 8.8, HIGH). Affected versions are MO...

8.8CVSS5.9AI score0.00183EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2 days ago7 views

CVE-2026-59897

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-59897 Hono: API Gateway v1 adapter can drop a distinct repeated request header value during de-duplication

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS0.00124EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

BIT-VAULT-2026-5051 Audit Log Plugin Directory Guard Bypass via Legacy path Option

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS6AI score0.00278EPSS
Exploits0References2
Rows per page
Query Builder